Re: sync-server without deletes?
On 09/14/2010 08:53 AM, Bron Gondwana wrote: > With the new replication engine in 2.4, it will be possible - deleted > messages still get replicated for a week - and if you set an explicit > long expiry time on the replica (say, years!) then it wouldn't get > cleaned up any earlier. That sounds like it's what we want, so I'll plan on moving to that. In the short term perhaps I'll just need to copy to a common folder as you indicated, or have postfix just send a duplicate copy to our long-term backup server. Thanks, Derek -- ---------- Derek Chen-Becker Senior Network Engineer, Security Architect CPI Corp, Inc. 1706 Washington Ave St. Louis, MO 63103 Phone: 314-231-7711 x6455 Fax: 314-613-6724 dbec...@cpicorp.com PGP Key available from public key servers Fingerprint: E4C4 26C0 8588 E80A C29F 636D 1FBE 0FE3 2871 4AE8 -- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
sync-server without deletes?
We've been running sync replication between two servers for a few months now and everything has been working well. Recently, management has come down and asked if it's possible to have the sync only perform additions and to ignore deletions. The idea is that they would like our backup server (or possibly a third box) contain an archive of all mail ever delivered to our users (we would manage expiration manually). From what I can tell, this most likely isn't possible with the current sync-server, so I wanted to confirm that hunch and if I'm correct, see what other people are doing for this kind of thing. Thanks, Derek -- ---------- Derek Chen-Becker Senior Network Engineer, Security Architect CPI Corp, Inc. 1706 Washington Ave St. Louis, MO 63103 Phone: 314-231-7711 x6455 Fax: 314-613-6724 dbec...@cpicorp.com PGP Key available from public key servers Fingerprint: E4C4 26C0 8588 E80A C29F 636D 1FBE 0FE3 2871 4AE8 -- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: sync_server and PLAIN mech...
On 04/02/2010 11:41 AM, Dan White wrote: > > --enable-plain is default. > > What about ldd on your pluginviewer, and /usr/local/lib/libsasl2.so.2, > anything missing? > > Try strace (or the Solaris equivalent) to see why pluginviewer is > segfaulting. Aha! I knew it was something dumb/simple. Although sasl2 was compiled and installed under /usr/local, it was still searching for things under /usr/lib/sasl2. Here's the relevant calls from truss (Solaris strace equiv): openat(-3041965, "/usr/lib/sasl2", O_RDONLY|O_NDELAY|O_LARGEFILE) Err#2 ENOENT I set a symlink (as it says to in the install.html file, don't know how I missed that...) from /usr/local/lib/sasl2 to /usr/lib/sasl2 and now it's all working: bash-3.00# /usr/local/sbin/pluginviewer Installed SASL (server side) mechanisms are: LOGIN ANONYMOUS PLAIN GSSAPI DIGEST-MD5 CRAM-MD5 EXTERNAL ... If I may make a suggestion, it would be nice if "make install" performed the symlink, or at least printed out a very visible message to that effect. I suspect I'm not the first person to run into this. Thanks! Derek -- ---------- Derek Chen-Becker Senior Network Engineer, Security Architect CPI Corp, Inc. 1706 Washington Ave St. Louis, MO 63103 Phone: 314-231-7711 x6455 Fax: 314-613-6724 dbec...@cpicorp.com PGP Key available from public key servers Fingerprint: E4C4 26C0 8588 E80A C29F 636D 1FBE 0FE3 2871 4AE8 -- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: sync_server and PLAIN mech...
On 04/02/2010 12:05 AM, Dan White wrote: > > Your sasl install, and/or your link against libsasl2 looks bad. Does your > glue library, libsasl2.so (in /usr/lib ?), match your install in > /usr/local/lib? libsasl2.so is in /usr/local/lib, and ldd reports that the link is good: bash-3.00$ ldd /usr/cyrus/bin/sync_server libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 ... It's sasl 2.1.22, and it was built with the following options (from config.status): ./configure '--enable-login' '--without-des' Thanks, Derek -- ---------- Derek Chen-Becker Senior Network Engineer, Security Architect CPI Corp, Inc. 1706 Washington Ave St. Louis, MO 63103 Phone: 314-231-7711 x6455 Fax: 314-613-6724 dbec...@cpicorp.com PGP Key available from public key servers Fingerprint: E4C4 26C0 8588 E80A C29F 636D 1FBE 0FE3 2871 4AE8 -- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: sync_server and PLAIN mech...
On 04/01/2010 10:02 PM, Dan White wrote: > On 01/04/10 18:43 -0500, Derek Chen-Becker wrote: >> I've been googling and reading the mailing lists all afternoon and I >> just can't figure this out. I've even tried trussing (Solaris) >> sync_server and saslauthd. When I run synctest against my 2.3.16 server >> it comes back with an auth error: >> >> badlogin: mail.cpicorp.com [192.168.25.10] PLAIN [SASL(-4): no mechanism >> available: Couldn't find mech PLAIN] >> >> Of course, if I use imtest to hit imapd on the same machine it logs in >> fine with the PLAIN mech. I found a similar post on google, but I >> couldn't find any resolution to the issue. One question would be whether >> sync_server actually honors the /etc/imapd.conf sasl settings. In my >> case, it's just: >> >> allowanonymouslogin: no >> allowplaintext: yes >> sasl_pwcheck_method: saslauthd > > Use synctest (or telnet csync) to visually verify that the PLAIN > mechanism is being offered by the server: > > dwh...@zek:~$ synctest localhost > S: * SASL SRP DIGEST-MD5 PASSDSS-3DES-1 GSSAPI OTP NTLM CRAM-MD5 LOGIN > PLAIN > S: * OK zek Cyrus sync server v2.3.16 > > And verify that the host you're running sync_client on has the PLAIN mech > installed with pluginviewer. This looks bad: bash-3.00# /usr/local/sbin/pluginviewer No server side SASL mechanisms installed Segmentation Fault (core dumped) bash-3.00# /usr/cyrus/bin/synctest localhost S: * STARTTLS S: * OK mail.cpicorp.com Cyrus sync server v2.3.16 Authentication failed. generic failure Security strength factor: 0 ^CC: EXIT Connection closed. If I run imtest against the machine I'm seeing different output from another Solaris 10 box that's running 2.3.15: bash-3.00$ /usr/cyrus/bin/imtest -u dbecker -a dbecker -m PLAIN snmail S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS COMPRESS=DEFLATE] mail.cpicorp.com Cyrus IMAP v2.3.16 server ready C: A01 AUTHENTICATE PLAIN S: A01 NO no mechanism available Authentication failed. generic failure Security strength factor: 0 ^CC: Q01 LOGOUT Connection closed. -bash-3.00$ /usr/cyrus/bin/imtest -u dbecker -a dbecker -m PLAIN ssmail S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=LOGIN AUTH=PLAIN SASL-IR COMPRESS=DEFLATE] mail.cpicorp.com Cyrus IMAP v2.3.15 server ready Please enter your password: The 2.3.16 box seems to be missing the AUTH=LOGIN, AUTH=PLAIN and SASL-IR capabilities, but I've copied the configs verbatim from the 2.3.15 box. The only thing I can think of is that I've somehow missed copying a config file somewhere. Worst case, maybe I'll try to build 2.3.15 on the box to make sure that that works properly before testing out 2.3.16. I feel like I must be missing something really simple here. All of the plugins appear to be in place on the machine in question: bash-3.00$ ls /usr/local/lib/sasl2/ libanonymous.la libdigestmd5.so.2 libplain.la libanonymous.so libdigestmd5.so.2.0.22 libplain.so libanonymous.so.2 libgssapiv2.la libplain.so.2 libanonymous.so.2.0.22 libgssapiv2.so libplain.so.2.0.22 libcrammd5.la libgssapiv2.so.2libsasldb.la libcrammd5.so libgssapiv2.so.2.0.22 libsasldb.so libcrammd5.so.2 liblogin.la libsasldb.so.2 libcrammd5.so.2.0.22liblogin.so libsasldb.so.2.0.22 libdigestmd5.la liblogin.so.2 smtpd.conf libdigestmd5.so liblogin.so.2.0.22 Thanks, Derek -- -- Derek Chen-Becker Senior Network Engineer, Security Architect CPI Corp, Inc. 1706 Washington Ave St. Louis, MO 63103 Phone: 314-231-7711 x6455 Fax: 314-613-6724 dbec...@cpicorp.com PGP Key available from public key servers Fingerprint: E4C4 26C0 8588 E80A C29F 636D 1FBE 0FE3 2871 4AE8 -- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
sync_server and PLAIN mech...
I've been googling and reading the mailing lists all afternoon and I just can't figure this out. I've even tried trussing (Solaris) sync_server and saslauthd. When I run synctest against my 2.3.16 server it comes back with an auth error: badlogin: mail.cpicorp.com [192.168.25.10] PLAIN [SASL(-4): no mechanism available: Couldn't find mech PLAIN] Of course, if I use imtest to hit imapd on the same machine it logs in fine with the PLAIN mech. I found a similar post on google, but I couldn't find any resolution to the issue. One question would be whether sync_server actually honors the /etc/imapd.conf sasl settings. In my case, it's just: allowanonymouslogin: no allowplaintext: yes sasl_pwcheck_method: saslauthd Like I said, IMAP works fine, it's just sync_server that seems unhappy. Any guidance would be appreciated. Thanks, Derek -- ------ Derek Chen-Becker Senior Network Engineer, Security Architect CPI Corp, Inc. 1706 Washington Ave St. Louis, MO 63103 Phone: 314-231-7711 x6455 Fax: 314-613-6724 dbec...@cpicorp.com PGP Key available from public key servers Fingerprint: E4C4 26C0 8588 E80A C29F 636D 1FBE 0FE3 2871 4AE8 -- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Lockers keeps going higher...
Simon Matter wrote: > I'm quite sure in your case the problem is with duplicate_db (deliver.db). > Otherwise you wouldn't see those locker errors because they are not coming > from skiplist. So I suggest to convert deliver.db the same way to > skiplist. This thread seems to indicate that using skiplist for deliver.db isn't optimal: http://lists.andrew.cmu.edu/pipermail/info-cyrus/2005-September/019694.html My question would be, if I can only ever have 10 concurrent lmtpd processes running (based on my postfix config), how can I possibly have 1600+ lockers on the database? Is there some code path that isn't releasing the lock on deliver.db? Thanks, Derek -- ---------- Derek Chen-Becker Senior Network Engineer, Security Architect CPI Corp, Inc. 1706 Washington Ave St. Louis, MO 63103 Phone: 314-231-7711 x6455 Fax: 314-613-6724 dbec...@cpicorp.com PGP Key available from public key servers Fingerprint: E4C4 26C0 8588 E80A C29F 636D 1FBE 0FE3 2871 4AE8 -- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Lockers keeps going higher...
> > My suggestion would be to switch to skiplist and get rid of those > "lockers". I never heard anyone complaining after switching to skiplist. > The listarchives can tell you more about it. > > Regards, > Simon > As far as I know I did switch to skiplist. I upgraded to 2.3 from a 2.1 install and one of the steps was: rm -f /var/imap/db/* cp /var/imap/mailboxes.db /var/imap/mailboxes.db.old cvt_cyrusdb /var/imap/mailboxes.db berkeley /var/imap/mailboxes.db.new skiplist mv /var/imap/mailboxes.db.new /var/imap/mailboxes.db rm -f /var/imap/db/* touch /var/imap/db/skipstamp chown -R cyrus:other /var/imap for fl in `find /var/imap/user name \*.seen`; do /usr/cyrus/bin/cvt_cyrusdb $fl flat ${fl}.new skiplist; mv ${fl}.new $fl; done Is there something besides mailboxes.db and the user .seen files that should be converted? Also, the load on the box in terms of connections and messages is roughly equivalent as other days when this doesn't happen. I looked through postfix and I noticed these errors: Jul 15 08:10:58 ssmail postfix/lmtp[23685]: [ID 197553 mail.info] 10C722DB6E0: to=, relay=cpimail.cpicorp.com[/var/imap/socket/lmtp], delay=29096, delays=19403/5509/3583/600, dsn=4.4.2, status=deferred (conversation with cpimail.cpicorp.com[/var/imap/socket/lmtp] timed out while sending end of data -- message may be sent more than once) Jul 15 08:10:58 ssmail postfix/lmtp[23915]: [ID 197553 mail.info] 1D1AA2DB845: to=, relay=cpimail.cpicorp.com[/var/imap/socket/lmtp], delay=29038, delays=19345/6092/3001/600, dsn=4.4.2, status=deferred (conversation with cpimail.cpicorp.com[/var/imap/socket/lmtp] timed out while sending end of data -- message may be sent more than once) Postfix is configured with a hard limit of 10 concurrent lmtp processes. Is that too high? If it happens again, does anyone have some dtrace scripts for figuring out what lmtpd is doing? Thanks, Derek -- ------ Derek Chen-Becker Senior Network Engineer, Security Architect CPI Corp, Inc. 1706 Washington Ave St. Louis, MO 63103 Phone: 314-231-7711 x6455 Fax: 314-613-6724 dbec...@cpicorp.com PGP Key available from public key servers Fingerprint: E4C4 26C0 8588 E80A C29F 636D 1FBE 0FE3 2871 4AE8 -- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Lockers keeps going higher...
This morning mail delivery via lmtp was slowing to a crawl. When I look in the logs, the only unusual thing that I see are the lines: Jul 13 15:32:13 ssmail lmtpunix[24474]: [ID 366844 local6.info] DBMSG: 27 lockers Jul 15 00:00:48 ssmail lmtpunix[4411]: [ID 366844 local6.info] DBMSG: 148 lockers Jul 15 00:10:48 ssmail lmtpunix[22170]: [ID 366844 local6.info] DBMSG: 618 lockers Jul 15 00:30:49 ssmail lmtpunix[3294]: [ID 366844 local6.info] DBMSG: 680 lockers Jul 15 08:10:58 ssmail lmtpunix[4002]: [ID 366844 local6.info] DBMSG: 1642 lockers It just keeps going up and up. Eventually I restarted master and then things went back down to about 20-25 lockers and my postfix delivery queue emptied from about 2500 queued messages to 50 in about 3 minutes. Is this related, or is this just a red herring? Thanks, Derek -- -- Derek Chen-Becker Senior Network Engineer, Security Architect CPI Corp, Inc. 1706 Washington Ave St. Louis, MO 63103 Phone: 314-231-7711 x6455 Fax: 314-613-6724 dbec...@cpicorp.com PGP Key available from public key servers Fingerprint: E4C4 26C0 8588 E80A C29F 636D 1FBE 0FE3 2871 4AE8 -- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Bizarre error with lmtpd
Simon Matter wrote: >> I'm working on installing Cyrus 2.3.14 and I've run into a weird issue. >> When postfix goes to deliver a message via lmtpunix, I get a segfault: > > Please make sure you add this patch before any more debugging: > http://github.com/brong/cyrus-imapd/commit/ec1bfcf6a1db9c86cbf55b9c25d7eb044dbbe51b#diff-0 Thanks! That fixed it. For what it's worth, I noticed that without specifying the "CFLAGS=-g", the CFLAGS var was actually being set to "CFLAGS=-g -O2", so what I was really doing was disabling optimization. Derek -- ---------- Derek Chen-Becker Senior Network Engineer, Security Architect CPI Corp, Inc. 1706 Washington Ave St. Louis, MO 63103 Phone: 314-231-7711 x6455 Fax: 314-613-6724 dbec...@cpicorp.com PGP Key available from public key servers Fingerprint: E4C4 26C0 8588 E80A C29F 636D 1FBE 0FE3 2871 4AE8 -- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Bizarre error with lmtpd
I'm working on installing Cyrus 2.3.14 and I've run into a weird issue. When postfix goes to deliver a message via lmtpunix, I get a segfault: Jun 12 16:06:30 ssmail lmtpunix[24401]: [ID 921384 local6.debug] accepted connection Jun 12 16:06:30 ssmail lmtpunix[24401]: [ID 685068 local6.debug] lmtp connection preauth'd as postman Jun 12 16:06:30 ssmail master[27855]: [ID 970914 local6.error] process 24401 exited, signaled to death by 11 Jun 12 16:06:30 ssmail master[27855]: [ID 621917 local6.debug] service lmtpunix pid 24401 in BUSY state: terminated abnormally But if I rebuild imap with "CFLAGS=-g" then it delivers normally: Jun 16 10:52:43 ssmail lmtpunix[6838]: [ID 518349 local6.debug] executed Jun 16 10:52:43 ssmail lmtpunix[6838]: [ID 921384 local6.debug] accepted connection Jun 16 10:52:43 ssmail lmtpunix[6838]: [ID 685068 local6.debug] lmtp connection preauth'd as postman Jun 16 10:52:43 ssmail lmtpunix[6838]: [ID 802986 local6.debug] IOERROR: fstating sieve script /var/imap/sieve/d/dbecker/defaultbc: No such file or directory Jun 16 10:52:43 ssmail lmtpunix[6838]: [ID 100061 local6.debug] duplicate_check: <4a37bc0e.5020...@cpicorp.com> user.dbecker 0 Jun 16 10:52:44 ssmail last message repeated 1 time Jun 16 10:52:44 ssmail lmtpunix[6838]: [ID 964586 local6.info] Delivered: <4A37B c0e.5020...@cpicorp.com> to mailbox: user.dbecker I had turned on the "-g" flag to try and debug the failure. Based on output from truss (this is Solaris 10), the segfault was coming when lmtpd tried to mmap and access the cyrus.header file for a given user. The cyrus.header file was correct, and even after I nuked the cyrus.header file and did a reconstruct it still crashed. I've done 4 builds now, two with "-g" and two without, and the behavior is consistent. Ideas? Thanks, Derek -- ------ Derek Chen-Becker Senior Network Engineer, Security Architect CPI Corp, Inc. 1706 Washington Ave St. Louis, MO 63103 Phone: 314-231-7711 x6455 Fax: 314-613-6724 dbec...@cpicorp.com PGP Key available from public key servers Fingerprint: E4C4 26C0 8588 E80A C29F 636D 1FBE 0FE3 2871 4AE8 -- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Hello! Installing Cyrus first time...
Hi Daniel, It sounds like the pwcheck server isn't set up correctly. If you are using a newer version of Cyrus, you'll probably want to use saslauthd; I found it more flexible and easier to configure. I can't remember where the documentation was that I used, but it was pretty straightforward. What do you want to authenticate against? PAM, sasldb, etc? Derek danielm wrote: > Hi, I've got the Cyrus server to the point where it's responding to > telnet localhost 143 but I think I've left out the authentication stuff, > I just assumed that ports would take care of that. When I try to run > cyradm I get : plaintext [user] cannot connect to pwcheck server. Sounds > fairly obvious as to what the problem is. > > My question... Is there a good page describing how to setup Cyrus so I > can go back and do the bit that I left out? Or can someone take me > through it? > > (I am running Freebsd) > > Thanks a lot > > -- ======== Derek Chen-Becker Senior Network Engineer CPI Corp, Inc. 1706 Washington Ave St. Louis, MO 63103 314-231-1575 x6014 [EMAIL PROTECTED] PGP Key available from public key servers Fingerprint: 1C34 D81E D8A0 641D 6C8C E952 3B15 693F 9184 BC58
Purge utilities?
Hi, I was wondering what utilities are out there for purging old messages from users' mailboxes. I've looked at ipurge and someone on the list posted about a program called "Janitor" last year, but we're looking for something with a little extra functionality. Specifically, we would like to delete old *read* messages from the users' INBOXes. If there isn't anything out there that does this, is there any sort of API that would allow me to check read/unread status on messages in a folder? Thanks, Derek -- ======== Derek Chen-Becker Senior Network Engineer CPI Corp, Inc. 1706 Washington Ave St. Louis, MO 63103 314-231-1575 [EMAIL PROTECTED] PGP Key available from public key servers Fingerprint: 1C34 D81E D8A0 641D 6C8C E952 3B15 693F 9184 BC58